A security issue in util-linux's login-utils's chfn/chsh commands has been announced:
http://openwall.com/lists/oss-security/2015/08/24/3

Only when it's built without libuser support (like ours) is it affected. I'm not sure why ours is built without it, when Fedora's is built with it. I've asked about that on the dev list.

In the meantime, the upstream patch was backported to 2.25.2 and checked into Mageia 5 and Cauldron SVN. The lib/fileutils.c portion of the patch isn't obviously backportable to 2.24.2 in Mageia 4.
Whiteboard: (none) => MGA5TOO, MGA4TOO
CC: (none) => mageia
Assignee: bugsquad => tmb
Nobody responded to my question on the dev list about why our util-linux is built without libuser support.
There are now some answers to the question about adding libuser support:
https://ml.mageia.org/l/arc/dev/2015-09/msg00034.html

As it does not seem consensual yet, I'd suggest just providing an update candidate to Mageia 5 with the patch you already checked in (also remove %_libdir/libuuid.la at the same time), and maybe only enabling libuser support in cauldron.
OK, this is WONTFIX for Mageia 4 then too.
Whiteboard: MGA5TOO, MGA4TOO => MGA5TOO
Advisory:
========================

Updated util-linux packages fix security vulnerability:

The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker could repeatedly call them and eventually be able to overwrite certain files in /etc (CVE-2015-5224).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5224
http://openwall.com/lists/oss-security/2015/08/24/3
========================

Updated packages in core/updates_testing:
========================
util-linux-2.25.2-3.1.mga5
libblkid1-2.25.2-3.1.mga5
libblkid-devel-2.25.2-3.1.mga5
libuuid1-2.25.2-3.1.mga5
libuuid-devel-2.25.2-3.1.mga5
uuidd-2.25.2-3.1.mga5
python-libmount-2.25.2-3.1.mga5
libmount1-2.25.2-3.1.mga5
libmount-devel-2.25.2-3.1.mga5
libsmartcols1-2.25.2-3.1.mga5
libsmartcols-devel-2.25.2-3.1.mga5

from util-linux-2.25.2-3.1.mga5.src.rpm
CC: (none) => tmb
Version: Cauldron => 5
Assignee: tmb => qa-bugs
Whiteboard: MGA5TOO => (none)
Tested chsh and chfn on MGA5-64-OK. Marking as such.
CC: (none) => shlomif
Whiteboard: (none) => MGA5-64-OK
Marking as MGA5-32-OK and validated_update.
Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA5-64-OK MGA5-32-OK => advisory MGA5-64-OK MGA5-32-OK
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0352.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/656987/